I support Steffi's suggestion (i.e. make it pop-only here and allow non-pop profiles in the framework).
/Ludwig -----Original Message----- From: Stefanie Gerdes <[email protected]> Sent: den 3 augusti 2020 16:18 To: Seitz Ludwig <[email protected]>; Benjamin Kaduk <[email protected]>; Paul Kyzivat <[email protected]> Cc: [email protected]; General Area Review Team <[email protected]>; [email protected] Subject: Re: Gen-ART Last Call review of draft-ietf-ace-dtls-authorize-12 Hi all, On 08/03/2020 08:21 AM, Seitz Ludwig wrote: >>>> * Also in section 3.3.1: >>>> >>>> ... This >>>> specification assumes that the access token is a PoP token as >>>> described in [I-D.ietf-ace-oauth-authz] unless specifically stated >>>> otherwise. <snip> Since no alternatives to PoP tokens are mentioned in the DTLS profile, I would change this to: "This specification implements access tokens as proof-of-possession tokens". Maybe the framework may add that a profile that uses a different token type must specify how this would work. Viele Grüße Steffi _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
